Automated Malware Analysis IOC Report for

Details

Is windows:	true
Is dropped:	false
PID:	6332
Target ID:	1
Parent PID:	4004
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\windows_update.bat" "
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f550000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	2016
Target ID:	2
Parent PID:	6332
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	6856
Target ID:	3
Parent PID:	6332
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\windows_update.bat" MY_FLAG
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f550000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	6944
Target ID:	4
Parent PID:	6856
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	992
Target ID:	5
Parent PID:	6856
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd /c ""C:\Users\user\Pictures\kam.cmd""
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f550000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	1836
Target ID:	6
Parent PID:	6856
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd /c ""C:\Users\user\Pictures\las.cmd""
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f550000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	5672
Target ID:	7
Parent PID:	992
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	3192
Target ID:	8
Parent PID:	6856
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd /c ""C:\Users\user\Pictures\zap.cmd""
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f550000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	5576
Target ID:	9
Parent PID:	1836
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	2580
Target ID:	10
Parent PID:	6856
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd /c ""C:\Users\user\Pictures\xff.cmd""
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f550000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	4088
Target ID:	11
Parent PID:	3192
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Details

Is windows:	true
Is dropped:	false
PID:	5972
Target ID:	12
Parent PID:	2580
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:23:58
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
windows_update.bat

Processes

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportwindows_update.bat

Processes

IOC Report
windows_update.bat